The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings.
History

Sat, 21 Dec 2024 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-06-07T01:51:17.526Z

Updated: 2024-12-20T23:54:39.650Z

Reserved: 2023-06-06T12:36:29.059Z

Link: CVE-2020-36702

cve-icon Vulnrichment

Updated: 2024-08-04T17:37:06.777Z

cve-icon NVD

Status : Modified

Published: 2023-06-07T02:15:11.257

Modified: 2024-11-21T05:30:06.450

Link: CVE-2020-36702

cve-icon Redhat

No data.